Posted
by
BeauHDon Tuesday May 01, 2018 @04:42PM
from the mission-accomplished dept.

An anonymous reader quotes a report from The Verge: The team behind secure messaging app Signal says Amazon has threatened to kick the app off its CloudFront web service unless Signal drops the anti-censorship practice known as domain-fronting. Google recently banned the practice, which lets developers disguise web traffic to look like it's coming from a different source, allowing apps like Signal to evade country-level bans. As a result, Signal moved from Google to the Amazon-owned Souq content delivery network. But Amazon implemented its own ban on Friday. In an email that Moxie Marlinspike -- founder of Signal developer Open Whisper Systems -- posted today, Amazon orders the organization to immediately stop using domain-fronting or find another web services provider. Signal used the system to provide service in Egypt, Oman, and the United Arab Emirates (UAE), where it's officially banned. It got around filters by making traffic appear to come from a huge platform, since countries weren't willing to ban the entirety of a site like Google to shut down Signal. "The idea behind domain fronting was that to block a single site, you'd have to block the rest of the internet as well. In the end, the rest of the internet didn't like that plan," Marlinspike writes. "We are considering ideas for a more robust system, but these ecosystem changes have happened very suddenly. [...] In the meantime, the censors in these countries will have (at least temporarily) achieved their goals. Sadly, they didn't have to do anything but wait."

I believe that Orwell's essay on fascism [orwell.ru] is still as apt as ever. Essentially it's just a way to describe a political (or more generally, any ideological) opponent you don't like and historically been flung at just about everyone from communists to Catholics. It's a fancier way of saying "bad guy" in most cases.

Orwell was right at the time, and perhaps right again now as we have come full circle. In between the end of WW2 and the recent resurgence of the far right, fascism was well defined:

Fascism is a form of radical authoritarian nationalism,[1][2] characterized by dictatorial power, forcible suppression of opposition and control of industry and commerce,[3] which came to prominence in early 20th-century Europe.[4] The first fascist movements emerged in Italy during World War I before it spread to other European countries.[4] Opposed to liberalism, Marxism and anarchism, fascism is usually placed on the far-right within the traditional leftâ"right spectrum.

(from Wikipedia)

The far right is now doing the same thing they did back in the 30s; they are trying to redefine what fascism means and label their opponents as it (e.g. AntiFa, whose name literally means anti-fascism, are often accused of being fascists). It's an attempt to move the central political ground to the right and crea

put me in a room with a dozen nazis and a dozen antifa, and while i hope someone blows up the room, im going to be more terrified of antifa, they are the ones using violence while the nazis walk around screaming slogans with 5$ tiki torches.

More like Amazon and Google are yielding to pressure from Egypt, Oman, and the United Arab Emirates (UAE) (or from one of their friends) that don't like when people bypass their bans, which itself is pretty fascist when they dictate how you can use the Internet.

What makes something fascist? I don't know anymore. It used to be relatively simple.

Yeah, I get that. Some asshat called me a fascist and assumed I agreed with NAZIs because I had the audacity to defend free speech. But that sort of hyperbole has always been around. It's bullshit and has always been bullshit. It's a cheap and easy low-effort insult by pseudo intellectuals who can't stop their rage-boner against Hitler. Tribalism through and through. They simply hate the other side enough to hate anyone near them as well.

There's a bunch of little things that taste like fascism, but I think it boils down to trying control what people do. If they're free to make their own decisions without being forced, compelled, threatened, or encouraged than it's not fascist. And yeah, that's a sliding scale. If China instituted fines for muslims instead of outright confiscating their prayer mats [independent.co.uk] that'd be a step away from fascism... but it's still pretty fascist. If NY added a sugary-drink-tax to try and make people be less fat... that's a little fascist.

A handful of shitty countries are trying to control how people use the Internet. That's fascist. They're pressuring these companies (or their political allies, like the USA govt) to put a stop to the workaround. These companies are yielding, or helping out, probably just because it helps make them a buck as well. That's aiding fascists.

Maybe that's reading into it though. Maybe they really just want to control the internet a little more and make it a little more regulated (which WILL help them profit). That's a slight amount of... controlling others. Forcing Internet services to have a more truthful identification. Imagine if slashdot suddenly forced you to stop using "GLMDesigns" or being an anonymous coward and enforced "real names only". In the name of stopping shitposting. That's control. Regulation. And it's a little fascist.

Evelyn Beatrice Hall, paraphrasing Voltaire, "I might not agree with what you have to say but I will defend, to the death, your right to say it".

You know? I've never really been part of a group where the morally right thing to do is the minority opinion. I've been in groups of assholes before, sure, but I was always an outsider. Republicans have a bunch of shitty views, but they at least have an argument about why they're good ideas. They might even be right about some of them. I hung out with some racists,

You are referring to a famous quote that may or may not have been said by Benito. But at best it was just the PR version of fascism.

If you want a short definition, go to a high-quality dictionary:

An authoritarian and nationalistic right-wing system of government and social organization.

The term Fascism was first used of the totalitarian right-wing nationalist regime of Mussolini in Italy (1922–43), and the regimes of the Nazis in Germany and Franco in Spain were also Fascist. Fascism tends to include a belief in the supremacy of one national or ethnic group, a contempt for democracy, an insistence on obedience to a powerful leader, and a strong demagogic approach.

Fascism was an anti-socialist movement and then what has been called an "extra-ordinary form of the capitalist state" which flourished primarily in interbellum Europe where, as in the prototypical cases of Italy and Germany, there was the wide-spread perception of a real threat of imminent socialist revolution. It is characterised as the movement by copying then extant (extra-parliamentary) socialist forms of organisation (party stru

Your question seems to be rhetorical and you already believe you know what fascism is, but for those who really wonder, I've personally found Umberto Eco's article on Ur-Fascism [nybooks.com] revealing.

I also want to address your last question, because I believe the way you ask it is very counter-productive. Left-wing authoritarianism and totalitarianism share many traits with fascism and some with nazism, of course, but in other respects these traditions are very distinct from each other. It's not a good idea to mix tho

Check out economic fascism/corporatism, which seems to be very relevant for Google and Amazon. The gist is that huge coroprations cooperate with the state(s). Google itself doesn't have to be 'fascist', but if the state involved is, then Google is a contributer to a fascist system. China comes to mind, clearly a fascist/corporative state. IBM's cooperation with nazi Germany is a historical example.

Corporations should not be evil ("Don't be evil", Google's old slogan), but they are as long as they support d

Marlinspike writes. "We are considering ideas for a more robust system, but these ecosystem changes have happened very suddenly. [...]

While you consider and implement these "ideas for a more robust system", move to azure to buy yourselves more time.

AFAIK, Azure still supports domain fronting. Granted, is a little different than Google's and Amazon's (in that both the fronted domain and the final destination have to be azure hosted), but still, is better than the alternatie of having your app censored while a new solution arrives, which can take, weeks, months or even years...

Nice application you have there, would be a shame if someone were to pull it offline.

It's simple, company (Amazon, Google) are making billions in pure profit. Locals want a piece of it. Companies are paying little to no taxes.

Said this before, it started with TPB, Wikileaks, etc. and I'm going to laugh all the way to the bank as people realize how fucked they've become by depending on these companies to the point you've outsourced everything. What exactly did you expect to happen.

It's not as though the server is pretending to be Amazon. As far as the legitimate observers (i.e., the server and client) are concerned, the client requests a URL from xyzzy.cloudfront.net, and the xyzzy.cloudfront.net server sends back its response. There's no deception going on at the application layer. Amazon's "branding" is not involved in any way.

The only people who are potentially deceived are people who are sticking their noses where they don't belong.

OK we got that part. Censorship is bad. And this domain fronting is one way to evade censorship.

So we heard about *one* legitimate noble use of domain fronting.

Amazon and Google are banning probably to improve their tracking and their own bottom line. Fine.

Now are there illegitimate uses for domain fronting? Is it used by scammers? Is it used by malware hawkers? Can we have some balance in reporting and mention the dark underbelly of domain fronting? Or has slash dot is PR fronting for some scammers and spammers?

Now are there illegitimate uses for domain fronting? Is it used by scammers? Is it used by malware hawkers?

Who cares? It's nobody's damn business. You can use a butter knife to kill a guy too. We need an indelible internet. It is not important who uses it for what. So hopefully we'll soon find a way around the domain fronting thing with something the tyrants can't take down. That is all that matters.

There are some, and used to be a lot more but these days it takes a different form.

Before tor was a thing, pretty much any ransomware used domain fronting.DDoS and spam malware used to use it for their command-and-control functions.

In fact malware authors that are also part script kiddie still do this, but they don't use companies like Google or Amazon or what have you, as that requires dealing with maintaining an account such that you can't be tracked down, and since Google/Amazon charge money for their se

Amazon and Google are banning probably to improve their tracking and their own bottom line. Fine.

Why is that fine? You've already established that there are legitimate uses for this. A corporations putting an end to this for their own profit.... is not fine.

Can we have some balance in reporting and mention the dark underbelly of domain fronting?

Oh sure. I get that. Call it like it is "Domain spoofing".

But this? "Signal used the system to provide service in Egypt, Oman, and the United Arab Emirates (UAE), where it's officially banned. It got around filters by making traffic appear to come from a huge platform, since countries weren't willing to ban the entirety of a site like Google to s

A corporations putting an end to this for their own profit.... is not fine.

You don’t seem to understand how public corporations work. Ultimately, most executives can be forced out an executive for not serving their duties to their shareholders - a bunch who typically care only about profit.

Cloud provider’s goal is to connect to the most customers in the most markets and the most countries possible, while turning the highest profits possible. They can do neither when a government orders all traffic to them blocked.

Oh, the ol' "I'm legally compelled to be an asshole in the name of profits" argument. Ha. Sure.

Ok, the CEO of google could fire EVERYBODY eliminate all that cost, maximizing cash on hand therefore maximizing value to the shareholders.

He could take on a massive loan and hire a shit-ton of scientists to do basic research that will probably never pay out and if it did would take decades to capitalize on but would give them a cutting edge therefore maximizing value to the shareholders.

Ok, the CEO of google could fire EVERYBODY eliminate all that cost, maximizing cash on hand therefore maximizing value to the shareholders.

Your argument has zero basis in reality. Firing all the employees doesn’t provide value to shareholders, and it will destroy value of the company (and its stock). Stocks are valued not only on the basis of the company’s current assets, but upon their ability to provide additional return in the future. If all of the employees are fired, Google no longer has a

Your argument has zero basis in reality. Firing all the employees doesn’t provide value to shareholders,

It literally stops the company from spending cash. If income keeps coming in, that would result in more profit, and larger dividends. You know, if the company does that. Companies quite often get a stock bump when they have layoffs. This is.... business 101. Come on. It's also an extreme. Of course the company would then fold. Really crash and burn. Duh. It's an example of the COMPLETE BULLSHIT that can be justified via the "I'm compelled to maximize profits" line. If you balked at that, YES

Investors aren’t fools, and they know laying off the entire workforce is a breath away from bankrupcy. There is a huge difference between that and laying off employees because they would otherwise be idle due to lack of demand.

You’re claiming that a complete layoff will raise value, and simultaneously saying the company would fold. They are mutually exclusive, so which is it?

If you're saying I've no right to choose where I shop, then who is the tyrant?

Of course I’m not saying you have no right where to shop.

On the flipside, Amazon is also free to refuse service.

Hold up... If you despite Amazon so much, why are you defending them as being powerless to help thwart dictators

COULD raise value. And more precisly to the point that the argument "The company should do X, to raise value" could be used to JUSTIFY said bat-shit-crazy-idiotic plan that has no basis in reality. AND THAT IS BULLSHIT. You are AGREEING with me that this is bullshit, and that help support my point: "When the scope of possible actions that can be justified by "I was doing it for the shareholders" is THAT broad, it's a meaningless statement. Simply bullshit." If you ever hear anyone claim that they

Yesterday, AWS became aware of your Github and Hacker News/ycombinator posts describing how Signal plans to make its traffic look like traffic from another site, (popularly known as “domain fronting”) by using a domain owned by Amazon —Souq.com. You do not have permission from Amazon to use Souq.com for any purpose. Any use of Souq.com or any other domain to masquerade as another entity without express permission of the domain owner is in clear violation of the AWS Service Terms (Amazon CloudFront, Sec. 2.1: “You must own or have all necessary rights to use any domain name or SSL certificate that you use in conjunction with Amazon CloudFront”). It is also a violation of our Acceptable Use Policy by falsifying the origin of traffic and the unauthorized use of a domain.

We are happy for you to use AWS Services, but you must comply with our Service Terms. We will immediately suspend your use of CloudFront if you use third-party domains without their permission to masquerade as that third party.

So while that sounded like a good defense of Amazon, you're just bullshitting from the cuff without knowing what you're talking about. Hey, I get it. You're debating and arguing for your side. But the situation isn't like you think. Amazon trying to shut them down, for profit, is not fine.

I am not advertising and selling a "cloud" service to other people to pay me to run their communications through my computers. Google and Amazon are making money off this. And now they are being picky about who does what with that service.

How many thousands of political dissidents have Google and Amazon enabled totalitarian dictatorships to murder?

I don't know, how many have you?

I mean, you've defined "enabling murder" as simply not allowing someone else to run their communications through their computers. Do you allow that?

I know. I also ask random posters on the internet why they keep allowing police officers to shoot unarmed people, instead of just asking those police chiefs/department/DAs/elected officials. I mean, I've define

How many thousands of political dissidents have Google and Amazon enabled totalitarian dictatorships to murder?

I don't know, how many have you?

I mean, you've defined "enabling murder" as simply not allowing someone else to run their communications through their computers. Do you allow that?

I know. I also ask random posters on the internet why they keep allowing police officers to shoot unarmed people, instead of just asking those police chiefs/department/DAs/elected officials. I mean, I've defined "enabling

o in your analysis of the original post that started this I'm supposed to analogize Google and Amazon to the "police officers"

Nope, I'm comparing them to police chiefs, DAs and elected officials. That is, people who have the power to restrain the cops, but don't. Similarly, Google and Amazon have the power to restrain a dictatorship (to a limited degree), but aren't.

Nope, I'm comparing them to police chiefs, DAs and elected officials. That is, people who have the power to restrain the cops, but don't. Similarly, Google and Amazon have the power to restrain a dictatorship (to a limited degree), but aren't.

Well, isn't that a sad, little cop-out. Amazon and Google have the power to restrain Russia or Iran? With what?! A denial of gmail and prime shipping?

the original poster is not like the police chiefs, DAs, and elected officials because... they could allow communications through their computers -- even via domain fronting -- but choose not to do so at all.

Nope. If the original poster owned a giant cloud computing operations then they would be just as culpable. The thing is, Google/Amazon can do it and not get blocked (at least without great cost to the blocker.) So they have the power to do something about it. A random poster on the internet does not

Nope. If the original poster owned a giant cloud computing operations then they would be just as culpable. The thing is, Google/Amazon can do it and not get blocked (at least without great cost to the blocker.) So they have the power to do something about it. A random poster on the internet does not.

And if you don't do it you're "enabling murder," but if you're small and don't do it, you're not.